How to choose the best firewall for your enterprise

Learn how to choose the best firewall for your enterprise. This guide gives you purchasing advice, tells you which IT team is responsible for the perimeter security solution and offers a checklist of risks you must assess before deciding which firewall/VPN to go with.

WHO IS RESPONSIBLE FOR FIREWALLS?

Information security extends beyond networks and has much wider domain coverage. It's always a good practice to have a separate InfoSec department that works with all the business units and departments and helps implement the organization's information security management system (ISMS). With regard to networks, InfoSec acts as the architect: it creates IT security designs, policies and procedures, and defines IT security controls based on information security standards for network security. The network team takes these as inputs and implements and enforces them on its network infrastructure. An example of this is controlling inbound/outbound access through firewall rules.

SECURITY RISK ASSESSMENT

Once you have chosen the team responsible for rolling out your security solution, you will have to choose the most appropriate one for your enterprise. The way to determine this is to list and understand the risks your network and enterprise are facing. Risks are threats to your objectives. A proper risk analysis should be done before making any technology decision. When considering adopting firewall/VPN technology, here are some key security risks and standards which should be considered:

PURCHASING ADVICE

To choose the best perimeter security solution, first and foremost, consider the functionality of the firewall. The good news for those deciding between products is that mainstream firewalls all have the same core functions. Each performs stateful inspection packet filtering and allows the implementation of basic perimeter defenses. Security expert Michael Chapple recommends homing in on functional requirements. Ask yourself: Do you need to emphasize network throughput or enhanced security features?

One major point of differentiation between firewalls is their ability to perform application-layer inspection. (See the Introduction to firewall types section of this guide to learn more about application-layer firewalls.) Many firewalls simply don't have application-layer inspection, while others implement basic functionality (such as URL filtering). Some products, like Secure Computing Corp.'s Sidewinder G2 firewall and F5 Networks' BIG-IP Application Security Manager, have deep application inspection capabilities. These types of firewalls allow for complex application rule bases that limit the types of actions carried out over a connection. For example, you might limit inbound HTTP requests from the Internet to GET commands, while internal users might be able to issue POST commands. This functionality allows you to protect the enterprise against application-based attacks as well as network-based attacks.
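The GET/POST rule described above can be sketched as a small rule base. This is an added example, not code from the article or from any vendor's product; the zone layout (RFC 1918 ranges treated as internal), the function names and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Assumed zone layout: RFC 1918 ranges are "internal", everything else "internet".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Application-layer rule base: a request passes only if a rule matches it.
RULES = [
    {"zone": "internet", "methods": {"GET"}},
    {"zone": "internal", "methods": {"GET", "POST"}},
]


def zone_of(src_ip):
    """Map a source address to a zone name."""
    addr = ipaddress.ip_address(src_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "internet"


def parse_method(request_line):
    """Return the HTTP method, or None if the request line is malformed."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[0]


def decide(src_ip, request_line):
    """Return 'allow' or 'deny' for one request."""
    method = parse_method(request_line)
    if method is None:
        return "deny"  # malformed request lines are dropped, not guessed at
    zone = zone_of(src_ip)
    for rule in RULES:
        # Methods are compared case-sensitively, as HTTP defines them.
        if rule["zone"] == zone and method in rule["methods"]:
            return "allow"
    return "deny"  # default deny: anything no rule permits is blocked

# Constructed sample traffic (documentation and private addresses, not real hosts).
SAMPLES = [
    ("203.0.113.7", "GET /index.html HTTP/1.1"),
    ("203.0.113.7", "POST /login HTTP/1.1"),
    ("10.1.2.3", "POST /intranet/form HTTP/1.1"),
    ("203.0.113.7", "GET /index.html"),
]

if __name__ == "__main__":
    for ip, line in SAMPLES:
        print(f"{ip:15} {line!r:40} -> {decide(ip, line)}")
```

The default-deny return at the end is what makes the rule base a whitelist: a method or zone nobody wrote a rule for is blocked rather than passed through.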

Finally, consider the vendor itself. When investing in a firewall product, you're making a long-term decision. The financial commitment is only the tip of the iceberg; your firewall administrators will invest significant time and energy building and customizing a rule base for that particular product. In general, rule bases are not portable between platforms, so any future platform change will require a substantial commitment of human resources. It's wise to make sure the vendors on your short list are all stable companies with solid financials. You certainly don't want to get on board a sinking ship. This advice was given by Michael Chapple at SearchSecurity.com.
